Hardening WIFI

Aaron Jones retro64xyz at gmail.com
Mon Dec 11 07:19:58 MST 2017


I am still using a raspberry pi as my intermediary between the wireless internet and some of my devices. This allows me to intelligently decide what to do with traffic, to check traffic for issues, and generally to keep any net related lifting off of my local device. 

The edimax cards I use share the usb bus but its plenty fast for shit posting on a chan or checking emails or whatever. You wouldn’t want to make it your first choice for large transfers or similar. 

Plus since the vpn is on the pi, its harder for a rogue site to request your traffic to bypass the vpn. Keyword harder not impossible. 

A few lithium batteries makes it more portable and if you pre fill it with your normal wifi spots you hit, it can sit in your backpack and just do the thing. For sure though you have to name it something tough like “vpnantifederalgovernmentmyinternethandsoffdonttouchfbi” just to really let people know you are leet. 

Thanks,
Aaron

> On Dec 11, 2017, at 6:42 AM, Stephen Partington <cryptworks at gmail.com> wrote:
> 
> this really is about all that's left in our current wifi protocols now. 
> 
>> On Sun, Dec 10, 2017 at 10:57 PM, Ed <plug at 0x1b.com> wrote:
>> If you want security and Wifi, do the security outside the context of
>> Wifi - like, require all Wifi traffic to be done through a vpn.
>> 
>> On Sun, Dec 10, 2017 at 4:28 PM, Carruth, Rusty
>> <Rusty.Carruth at smartm.com> wrote:
>> >
>> > ONLY 32?  Aren’t you allowed 128?
>> >
>> >
>> >
>> > Yeah, for the longest time mine was 128 chars long. VERY nasty when entering new devices…  My family finally forced me to make it a little shorter! ;-)
>> >
>> >
>> >
>> >
>> >
>> > Rusty Carruth | Customer Support | rusty.carruth at smarth.com | http://www.smarth.com
>> >
>> >
>> >
>> >          See the new M4
>> >
>> >
>> >
>> > See us on Storage Search    http://www.storagesearch.com/smart2.html
>> >
>> >
>> >
>> > 510-624-5391   | Fax: 480-926-5579   | 1325 N. Fiesta Blvd.  Suite 101 Gilbert, Az. 85233
>> >
>> >
>> >
>> > This email message (and any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
>> >
>> >
>> >
>> > From: PLUG-discuss [mailto:plug-discuss-bounces at lists.phxlinux.org] On Behalf Of techlists at phpcoderusa.com
>> > Sent: Saturday, December 09, 2017 1:02 PM
>> > To: Main PLUG discussion list
>> > Subject: Re: Hardening WIFI
>> >
>> >
>> >
>> >
>> >
>> > Appreciate your help and advice!!
>> >
>> >
>> >
>> >
>> >
>> > On 2017-11-23 15:52, Michael Butash wrote:
>> >
>> > Ensure you're only using wpa2-aes (no tkip, or mix wpa1-2), and use a very long psk string.  Ensure your clients aren't vulnerable to the blueborne and other wifi ota exploits.  Not much else you can do really unless you want to run a radius and/or cert pki in-house to do eap-tls, or peap.  You can crack against wpa2, but unless using an easy string, it's not easy or assured they will figure out your string.
>> >
>> >
>> >
>> > I use a 32char random string, special characters, really annoying when adding new devices, but I don't worry about someone cracking it.
>> >
>> >
>> >
>> > -mb
>> >
>> >
>> >
>> >
>> >
>> > On Thu, Nov 23, 2017 at 2:58 PM, <techlists at phpcoderusa.com> wrote:
>> >
>> >
>> >
>> > Hi,
>> >
>> > I would like to "Harden" my WIFI and am not sure where to start.  I seem to recall past discussions on replacing the standard equipment provided by our ISP.
>> >
>> > I would like to make it very difficult to hack my WIFI and I would like a firewall.  And I would like this to be "Plug and Play" as much as is possible.  In other words I would like to stay away from installing a Linux firewall on an extra PC and then having to maintain it.
>> >
>> > Please feel free to let me know if my expectations are not valid.
>> >
>> > Thanks in advance!!
>> >
>> > Keith
>> >
>> >
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> >
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> 
> 
> -- 
> A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20171211/1336deb9/attachment.html>


More information about the PLUG-discuss mailing list